Secure Active RFID Tag System

Transcription

1 Secure Active RFID Tag System Isamu Yamada 1, Shinichi Shiotsu 1, Akira Itasaki 2, Satoshi Inano 1, Kouichi Yasaki 2, and Masahiko Takenaka 2 1 Fujitsu Laboratories Ltd. 64 Nishiwaki, Ohkubo-cho, Akashi , JAPAN {yamada.isamu, sshiotsu, 2 Fujitsu Limited. 64 Nishiwaki, Ohkubo-cho, Akashi , JAPAN {itasaki.akira,yasaki.kouichi, Abstract. Recently, Radio Frequency Identification (RFID) tags are examined for various usages. Active type of tags which incorporates a battery is being applied to a person to detect the person s position. Usually, the active tag always widely transmits ID at constant intervals. Therefore, there is a security issue that the radio signal is easily observed from a place away by an uncertain party. The party can easily perceive the existence of the user who has the tag. We report here that we designed a new active RFID tag system that solves such a security issue. 1 Introduction The Radio Frequency Identification (RFID) tag can be roughly classified into passive and active types of tags. The passive tag does not incorporate a battery and responds with the energy provided by a reader/writer. Communication range is short, but the cost is low. This type of tags are expected to be applied to improve efficiencies in the area of the cash register, picking work at a delivery center, inventory control, and distribution/traceability. Active tag s communication range is long, but coverage of application is limited because of its high-cost. Both passive and active types of tags are being applied to various areas for their best use case[1]. Regarding the active tag, the some trials have been started providing various services to the user. There are, for example, a monitoring system for school children who commute to and from school[2,3], an integrated information support system for exhibitions in EXPO2005 AICHI JAPAN[4], and a PC locking system with utilizing the active RFID tag[5]. When the user who has a tag approaches to the reader, the reader detects the tag signal. A tag ID corresponded to the person can be extracted from the tag signal. As a result, the position of the user near to the reader is recognized, and appropriate service comes to be provided, even though the user doesn t consider anything. However, security issues have been pointed out against these trials[6,7]. A security enhanced active tag is proposed[8], but we think that is not an essential solution. Most important issue on security for active tag is that the conventional active tag is always broadcasting IDs as a radio signal. The user with the active tag is publicly exposed while always sending the radio signal Ubicomp2005 Workshops

2 saying I am here. The radio signal is being easily observed and being pursued with a cheap reader. The authors think that the active tag will not be widely deployed unless and until such a security issue is solved. 2 System method 2.1 Comparison between conventional active RFID and proposed one Table 1 shows the classification of the tags. The communication range of the conventional active tag can be longer compared with a passive tag because it incorporates a battery. In case of applying the conventional active tag, the applied area should be limited in a safe area because it has a security issue. In case of a passive tag, it sends a radio signal only when it is inquired by the reader/writer. Therefore, no unnecessary radio signal is transmitted. However, it responds basically even though the reader/writer is not right one. So, there is a risk that the ID is being read from a place away. If the tag of 13.56MHz is used, the risk is low because the communication range is around 70cm with a large-scale antenna. In case of the UHF tag, the risk is more serious because it has a longer communication range about 3-7m. The communication range becomes longer, the convenience in operation improves. But if it is applied to a person, the risk would become non-negligible. We propose a method to solve these issues. It characterizes in having higher security strength than the passive tag, while maintaining the communication range and the battery life to be equal with a conventional active tag. Table 1. Classification of RFID tags Items Passive RFID tag Active RFID tag (Con.) Active RFID tag (new) Comm. Range 70cm/ 3m - 7m more than 10m around 10m Battery life (no battery) around 1 year around 1 year Security weak N/A, or weak strong Cost less than $1 less than $10 around $10 Application distribution/ inventory control of goods. tracking person (restricted area) tracking person (no restriction) 2.2 Security requirements for new active tag The issues on the security for a conventional active tag are listed below. A) Radio signal from the active tag can be easily monitored by a cheap reader. Under the current situation in which the active tag is not widely deployed, transmitting radio signal itself becomes a threat. B) The ID is tapped. Pursuing the behavior of the user who has the active tag becomes possible by tapping ID transmitted from the active tag Ubicomp2005 Workshops

3 C) Replay attack is being done by spoofing. It is possible to spoof as the user by capturing the radio signal and resending the captured signal to the reader. 2.3 Attestation process for new active RFID tag Fig. 1 shows the attestation process between the reader/writer and the tag. Both the reader/writer(or its server) and the tag safely manage the secret information (key, time, SysID, and TagID). Reader/Writer RFID Tag (i) ID request command is encrypted, and sent. The encrypted (ii) radio signal (iii) The command is attested. OK! NG! (vii) The response is attested. (vi) (iv) TagID is encrypted, and responded (v) STOP! Do not respond. Fig. 1. Flow of the attestation process (i) The reader/writer encrypts the ID inquiring command with the time and the SysID by using the common key, and transmits the encrypted command. (ii) A radio signal sent from the reader/writer varies every time because the time data is included in the encrypted command. (iii) The attestation process is executed in the tag. After the decryption process, the tag checks if the time difference between the time from the reader/writer and the time clocked in the tag is below the prescribed value, and the decrypted SysID concretely agrees to the sysid data stored in the tag. If both are okay, it is judged that the reader/writer is attested. (iv) If attested, the tag encrypts TagID with the time data and responds. (v) If not attested, the tag stops processing. This solves issue A). (vi) The response from the tag also varies every time because of the time data. This solves issue B). (vii) The attestation process is executed in the reader/writer. After the decryption process, the reader/writer side checks if the time difference between the time from the tag and the time clocked in the reader/writer side is below the prescribed value. If so, it is judged that the tag is attested. This solves issue C). 3 Prototype System To verify the proposed method, we made a prototype. See Fig. 2 and Fig.3. Their radio frequency is 315MHz, and the transmission power is below In the reader/writer, the frequency for receiving and transmitting is different, and it has independent receiver and transmitter. The transmitter repeats only the transmission, and the Ubicomp2005 Workshops

4 receiver repeats only the receiving. This configuration enables intermittent operation at the tag side. The purpose of two receiver system is to improve receiving sensitivity. A pair of two transmitter antennas improves signal quality at the tag side. The timing for receiving and transmitting is divided in the tag, so it has only one antenna and one combined transceiver and receiver in the tag. Box (right) Transmitter f1 System server Box (left) Main receiver f2 RV TR Controller Client terminal Cont- Sub roller receiver Reader/writer Secure active tag Fig. 2. System configuration of the reader/writer and the tag. The system is under development. However, we could achieve that communication range of 10m, and battery life of 10.6 months with CR2032 battery at 1.4 seconds intermittent. Receiver antennas Antenna Transmitter antennas Reader/ write prototype Secure active tag prototype Fig. 3. Photographs of a reader/writer prototype and an active tag prototype 4 Summary We introduced a new active tag method and a prototype system which strengthen the security. This system solves the serious security issue that was critical in the conventional active tag. Moreover, the prototype system achieved practicable battery life. We think the most important hurdle for commercialization was cleared. Hereafter, we think about the design of the entire system for practical use and application to various usages in the future Ubicomp2005 Workshops

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Introduction RFID are systems that transmit identity (in the form of a unique serial number) of an object or person wirelessly,

IT-Based Safety and Security Solutions for Schools V Atsushi Horiguchi V Kazuhisa Shibafuji V Kenichi Ota (Manuscript received December 8, 2006) The number of violent crimes against children has increased

International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

Ten Deadly Sins in Wireless Security The emergence and popularity of wireless devices and wireless networks has provided a platform for real time communication and collaboration. This emergence has created

Privacy and Security in library RFID Issues, Practices and Architecture David Molnar and David Wagner University of California, Berkeley CCS '04 October 2004 Overview Motivation RFID Background Library

Preface Radio frequency identification (RFID) is a modern wireless data transmission and reception technique for applications including automatic identification, asset tracking and security surveillance.

RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the

Introduction to RFID Technology 1 Definition RFID (Radio Frequency Identification) is a technology that enables the electronic and wireless labeling and identification of objects, humans and animals Radar

RFID 101: Using RFID to Manage School Assets and Achieve Huge Savings Are You Missing Out On Huge Savings through Better Asset Management? Many schools around the country have implemented wireless networking

Design And Implementation Of Bank Locker Security System Based On Sensing Circuit And RFID Reader Khaing Mar Htwe, Zaw Min Min Htun, Hla Myo Tun Abstract: The main goal of this system is to design a locker

AAS Automatic Attendance System Grant Hornback, Alex Babu, Bobby Martin, Ben Zoghi, Madhav Pappu, Rohit Singhal Abstract Due to the easy availability of almost all information on the internet these days,

February 17, 2015 RFID, NFC and BLE: What Are They, and Which One Should Retailers Use? RFID, NFC and BLE stand for Radio Frequency Identification, Near Field Communication and Bluetooth Low Energy, respectively

Privacy Threats in RFID Group Proof Schemes HyoungMin Ham, JooSeok Song Abstract RFID tag is a small and inexpensive microchip which is capable of transmitting unique identifier through wireless network

Hitachi Review Vol. 53 (2004),. 2 83 Application of Tracking Technology to Access-control System OVERVIEW: An access-control system that applies tracking technology to control the movement of people and

Radio Frequency Identification This white paper provides an overview of the numerous application-related and technical aspects of RFID systems. It explores the benefits of deploying RFID procedures and

The RFID Revolution: Your voice on the Challenges, Opportunities and Threats Online Public Consultation Preliminary Overview of the Results 16 October 2006 Disclaimer: This document is a working document

Network Services Required for Business Operations Using Smartphones Motoyuki Kimura Studies are in process to make use of smartphones and tablets, which have rapidly become widespread in the consumer market,

The IT Guide to RFID Solutions for Schools The Technology, Applications, and Benefits Radio frequency identification, or RFID, has become a leading technology in providing automated and reliable location

Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

Section 2.3 Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys),

Introduction to This document describes the process that will enable you to access the ODOT servers and Microsoft Outlook (E-mail) when you are away from your office and not on the internet. The process

3M Cogent, Inc. White Paper Beyond Wiegand: Access Control in the 21st Century a 3M Company Unprecedented security features & capabilities Why Wiegand? The Problem with Wiegand In 1970, John Wiegand invented

Special Topics in Security and Privacy of Medical Information Sujata Garera Reminders Assignment due today Project part 1 due on next Tuesday Assignment 2 will be online today evening 2nd Discussion session

Threat Modeling a SharePoint Application: An exploratory exercise in preventing data breaches and theft. By Tony Graves SharePoint Developer and Consultant February 22. 2015 Threat modeling is about using

ANYTIME ANYPLACE-REMOTE MONITORING OF STUDENTS ATTENDANCE BASED ON RFID AND GSM NETWORK Mr.C.S.Karthikeyan 1 S.Murugeswari 2 Assistant professor, Dept. of ECE, Kamaraj College of Engineering and Technology,

18 CHAPTER 2 RFID TECHNOLOGY AND ITS APPLICATIONS TO HUMAN TRACKING In this chapter, we briefly review some of the basic technical details pertaining to RFID Technology, its advantages and shortcomings

Large Vehicle Scale RFID Is it now viable for use? Antti Permala Technical Research Centre of Finland (VTT) 12 June 2008 Contents Development during last years Technology Applications Cases 2 Three years